Snort mailing list archives
Re: so_rules are not processed by pulledpork under FreeBSD 9.1
From: "C. L. Martinez" <carlopmart () gmail com>
Date: Fri, 10 May 2013 06:46:14 +0000
On Thu, May 9, 2013 at 4:55 PM, JJ Cummings <cummingsj () gmail com> wrote:
In your pp conf try specifying 2.9.4.5 as your snort_version

Sent from the iRoad

On May 9, 2013, at 7:33, "Seth Dunn" <seth () d2ms com> wrote:
I have tried, and pp puts so_rules in the correct path, but it doesn't process them. Executing the snort command manually:

root@plzfnsm01:~# snort -c /data/config/etc/idpsnort01/snort.conf --dump-dynamic-rules=/tmp/h
Running in Rule Dump mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/data/config/etc/idpsnort01/snort.conf"
PortVar 'HTTP_PORTS' defined :  [ 80:89 311 383 591 593 631 901 1090 1220 1414 1741 1830 2301 2381 2809 3037 3128 3200 3210 3300 3310 3333 3600 3610 3702 4343 4848 5250 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8100 8118 8123 8180:8181 8222 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999 11371 34443:34444 41080 50000:50010 51000:51010 55555 ]
PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined :  [ 1024:65535 ]
PortVar 'SSH_PORTS' defined :  [ 22 ]
PortVar 'FTP_PORTS' defined :  [ 21 2100 3535 ]
PortVar 'SIP_PORTS' defined :  [ 5060:5061 5600 ]
PortVar 'FILE_DATA_PORTS' defined :  [ 80:89 110 143 311 383 591 593 631 901 1090 1220 1414 1741 1830 2301 2381 2809 3037 3128 3200 3210 3300 3310 3333 3600 3610 3702 4343 4848 5250 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8100 8118 8123 8180:8181 8222 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999 11371 34443:34444 41080 50000:50010 51000:51010 55555 ]
PortVar 'GTP_PORTS' defined :  [ 2123 2152 3386 ]
Detection:
   Search-Method = AC-Full-Q
    Split Any/Any group = enabled
    Search-Method-Optimizations = enabled
    Maximum pattern length = 20
ERROR: /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(0) Unable to open rules file "/data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules": No such file or directory.
And it is correct: VRT-botnet-cnc.rules doesn't exist:

root@nsm01:~# ls -la /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules
ls: /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules: No such file or directory

root@nsm01:~# ls /data/config/etc/idpsnort01/rules/
VRT-app-detect.rules          VRT-exploit-kit.rules            VRT-indicator-shellcode.rules  VRT-policy-other.rules      VRT-pua-other.rules      VRT-server-oracle.rules
VRT-blacklist.rules           VRT-exploit.rules                VRT-malware-backdoor.rules     VRT-policy-social.rules     VRT-pua-p2p.rules        VRT-server-other.rules
VRT-browser-chrome.rules      VRT-file-executable.rules        VRT-malware-cnc.rules          VRT-policy-spam.rules       VRT-pua-toolbars.rules   VRT-server-webapp.rules
VRT-browser-firefox.rules     VRT-file-flash.rules             VRT-malware-other.rules        VRT-preprocessor.rules      VRT-rpc.rules            VRT-snmp.rules
VRT-browser-ie.rules          VRT-file-identify.rules          VRT-malware-tools.rules        VRT-protocol-finger.rules   VRT-scada.rules          VRT-specific-threats.rules
VRT-browser-other.rules       VRT-file-image.rules             VRT-netbios.rules              VRT-protocol-ftp.rules      VRT-scan.rules           VRT-sql.rules
VRT-browser-plugins.rules     VRT-file-multimedia.rules        VRT-nntp.rules                 VRT-protocol-icmp.rules     VRT-sensitive-data.rules VRT-telnet.rules
VRT-browser-webkit.rules      VRT-file-office.rules            VRT-os-linux.rules             VRT-protocol-imap.rules     VRT-server-apache.rules  VRT-tftp.rules
VRT-content-replace.rules     VRT-file-other.rules             VRT-os-other.rules             VRT-protocol-pop.rules      VRT-server-iis.rules     VRT-web-client.rules
VRT-decoder.rules             VRT-file-pdf.rules               VRT-os-solaris.rules           VRT-protocol-services.rules VRT-server-mail.rules    VRT-x11.rules
VRT-dns.rules                 VRT-indicator-compromise.rules   VRT-os-windows.rules           VRT-protocol-voip.rules     VRT-server-mssql.rules
VRT-dos.rules                 VRT-indicator-obfuscation.rules  VRT-policy-multimedia.rules    VRT-pua-adware.rules        VRT-server-mysql.rules
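The error in the dump above is a stale include in snort.conf rather than PulledPork failing to write the so_rules: Snort stops parsing at the first rules file it cannot open, so nothing after that line, the so_rules stubs included, is ever loaded. The script below is an added example, not code from this thread, from PulledPork or from the Snort project. It walks a Snort 2.x snort.conf, expands "var" definitions such as $RULE_PATH, and reports every include line that does not resolve to an existing file, so a config can be checked before Snort is restarted. The sample directory it builds is constructed to mirror the thread (a rules directory without VRT-botnet-cnc.rules while snort.conf still includes it), and relative includes are resolved against the directory holding snort.conf, which is an assumption to adjust if your layout differs.

```python
#!/usr/bin/env python3
"""Pre-flight check for a Snort 2.x config: does every 'include' exist?

Added example for the mailing-list thread above; not code from Snort or
PulledPork. Run with a path to snort.conf, or with no argument to exercise
the constructed sample layout.
"""
import os
import re
import sys
import tempfile

# 'var NAME value' definitions (paths only; ipvar/portvar are not include targets)
VAR_RE = re.compile(r"^\s*var\s+([A-Za-z_]\w*)\s+(\S+)")
# 'include <path>' lines; Snort does not allow a trailing comment here
INCLUDE_RE = re.compile(r"^\s*include\s+(\S+)")
# $NAME or ${NAME} references inside a value
REF_RE = re.compile(r"\$(\w+)|\$\{(\w+)\}")


def expand(value, variables):
    """Replace $NAME / ${NAME} using the var definitions seen so far.
    Unknown references are left untouched so they stand out in the report."""
    def sub(match):
        name = match.group(1) or match.group(2)
        return variables.get(name, match.group(0))
    return REF_RE.sub(sub, value)


def resolve(path, conf_dir):
    """Absolute paths are used as given; relative ones are taken relative to
    the directory of snort.conf (assumption made by this script)."""
    if os.path.isabs(path):
        return os.path.normpath(path)
    return os.path.normpath(os.path.join(conf_dir, path))


def check_includes(conf_path):
    """Return [(line_no, raw_include, resolved_path, exists), ...] in file order.
    Included files are not descended into."""
    conf_dir = os.path.dirname(os.path.abspath(conf_path))
    variables = {}
    results = []
    with open(conf_path) as fh:
        for line_no, line in enumerate(fh, 1):
            var = VAR_RE.match(line)
            if var:
                # values may reference earlier vars, e.g. var SO_RULE_PATH $RULE_PATH/so
                variables[var.group(1)] = expand(var.group(2), variables)
                continue
            inc = INCLUDE_RE.match(line)
            if inc:
                resolved = resolve(expand(inc.group(1), variables), conf_dir)
                results.append((line_no, inc.group(1), resolved, os.path.isfile(resolved)))
    return results


def missing_includes(conf_path):
    """Only the includes that would make Snort fail to start."""
    return [entry for entry in check_includes(conf_path) if not entry[3]]


def build_sample_layout():
    """Constructed sample: a rules dir as PulledPork might leave it (no
    VRT-botnet-cnc.rules) next to a snort.conf that still includes that file."""
    base = tempfile.mkdtemp(prefix="snortchk_")
    rules = os.path.join(base, "rules")
    os.mkdir(rules)
    for name in ("VRT-malware-cnc.rules", "VRT-blacklist.rules"):
        open(os.path.join(rules, name), "w").close()
    open(os.path.join(base, "classification.config"), "w").close()
    conf = os.path.join(base, "snort.conf")
    with open(conf, "w") as fh:
        fh.write("var RULE_PATH %s\n" % rules)               # line 1
        fh.write("include classification.config\n")          # line 2, relative to snort.conf
        fh.write("include $RULE_PATH/VRT-malware-cnc.rules\n")  # line 3
        fh.write("include $RULE_PATH/VRT-botnet-cnc.rules\n")   # line 4, the stale include
        fh.write("include $RULE_PATH/VRT-blacklist.rules\n")    # line 5
    return conf


if __name__ == "__main__":
    conf_file = sys.argv[1] if len(sys.argv) > 1 else build_sample_layout()
    bad = missing_includes(conf_file)
    for line_no, raw, resolved, _ in bad:
        print("%s:%d: include %s -> %s: No such file" % (conf_file, line_no, raw, resolved))
    sys.exit(1 if bad else 0)
```

Run it against the real config as the user Snort runs as, so permission problems show up the same way they would at startup. Because Snort aborts at the first unreadable include, fixing only the first reported line and restarting would find the next one; this check lists all of them in one pass. Nested includes (a rules file that itself includes others) are not followed.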